Mining malware command and control traces
McLaren, Peter; Russell, Gordon; Buchanan, Bill
Authors
Dr Peter McLaren, P.McLaren2@napier.ac.uk, Associate
Dr Gordon Russell, G.Russell@napier.ac.uk, Associate Professor
Prof Bill Buchanan, B.Buchanan@napier.ac.uk, Professor
Abstract
Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. Detecting malware command and control channels could help prevent further malicious activity by the cyber criminals using the malware. Detection of malware in network traffic is traditionally carried out by identifying specific patterns in packet payloads. Bot writers now encrypt the command and control payloads, making pattern recognition a less effective form of detection. This paper focuses instead on an effective anomaly-based detection technique for bots and advanced persistent threats, using a data mining approach combined with applied classification algorithms. After additional tuning, in the final test on an unseen dataset, false positive rates of 0% and malware detection rates of 100% were achieved on the two examined malware threats, with promising results on a number of other threats.
Citation
McLaren, P., Russell, G., & Buchanan, B. (2017, July). Mining malware command and control traces. Presented at 2017 Computing Conference
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (published) |
| Conference Name | 2017 Computing Conference |
| Start Date | Jul 18, 2017 |
| End Date | Jul 20, 2017 |
| Acceptance Date | Oct 3, 2016 |
| Online Publication Date | Jan 11, 2018 |
| Publication Date | Jan 11, 2018 |
| Deposit Date | Dec 1, 2016 |
| Publicly Available Date | Dec 2, 2016 |
| Publisher | Institute of Electrical and Electronics Engineers |
| Book Title | Proceedings of the SAI Computing Conference 2017 |
| ISBN | 9781509054435 |
| DOI | https://doi.org/10.1109/SAI.2017.8252185 |
| Keywords | malware; data mining; command and control; anomaly-based detection; botnet; advanced persistent threat |
| Public URL | http://researchrepository.napier.ac.uk/Output/446322 |
| Contract Date | Dec 1, 2016 |
Files
Mining Malware Command And Control Traces - Original (PDF, 564 Kb)
Copyright Statement
© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.